Product
MinIO Enterprise Object Store
Overview Architecture
Features
MinIO for Public Cloud
AWS GCS Azure
MinIO for Private Cloud
OpenShift SUSE Rancher Tanzu
MinIO for Baremetal
Linux and Windows
Determine your raw and usable capacity Erasure Code Calculator MinIO's Recommended Hardware Configuration Reference Hardware
Solutions
AI Storage Object storage is powering the AI revolution. Learn how MinIO is leading the AI storage market through performance at scale. Modern Datalakes Modern, multi-engine datalakes depend on object stores that deliver performance at scale. Learn more about this core MinIO use case. Hybrid Cloud Effective multi-cloud storage strategies rely on utilizing architecture and tools that can function seamlessly across diverse environments. Equinix Repatriate your data onto the cloud you control with MinIO on Equinix to lower costs while maintaining public cloud adjacency. Splunk Find out how MinIO is delivering performance at scale for Splunk SmartStores. Snowflake Query and analyze multiple data sources, including streaming data, residing on MinIO with the Snowflake Data Cloud. No need to move the data, just query using SnowSQL. SQL Server Discover how to pair SQL Server 2022 with MinIO to run queries on your data on any cloud - without having to move it. HDFS Migration Modernize and simplify your big data storage infrastructure with high-performance, Kubernetes-native object storage from MinIO. VMware Discover how MinIO integrates with VMware across the portfolio from the Persistent Data platform to TKG and how we support their Kubernetes ambitions. Veeam Learn how MinIO and Veeam have partnered to drive performance and scalability for a variety of backup use cases. Commvault Learn how Commvault and MinIO are partnered to deliver performance at scale for mission critical backup and restore workloads. Integrations Browse our vast portfolio of integrations.
Community
GitHub Join our GitHub open source community: explore, experiment, ask questions, and contribute. Slack Channel The MinIO Community Slack provides an open forum for discussing topics related to MinIO. All support is provided on a best-effort basis.
Docs Blog Resources Training Partner Pricing Download

SUBNET Security Features and Services

Matt Sarrel Matt Sarrel @msarrel Matt Sarrel on SUBNET
SUBNET Security Features and Services

In our previous blog post on SUBNET we talked about how you can support your MinIO clusters and meet SLAs by having direct access to engineers who work on the codebase on a daily basis. Using the SUBNET portal, everyone on your team is able to collaborate with our team to track and resolve potential issues. The SUBNET portal also serves as a searchable knowledge base so relevant details for previous issues are readily available.

This is the fourth post of our series on the features and capabilities available through our commercial relationship. If you missed our previous posts on the methods of communication and direct-to-engineer experience, exploring SUBNET Healthcheck and Performance and SUBNET Call-Home Diagnostics, then we recommend that you take a look at them to gain a better understanding of the features and capabilities offered through our commercial relationship.

MinIO code is secure and we go to great lengths to ensure that your data is always protected.

Security testing and patching of core MinIO code happens whether or not you’re a licensed MinIO customer. The code released to our community is as secure as we can make it. Everyone from community users to Standard and Enterprise licensees benefits from making MinIO as secure as we can.

Standard and Enterprise customers gain additional security services and features when they subscribe to SUBNET, and this blog post focuses on the software updates and security patches, critical security and bug detection and the annual security and policy review.

Software Release and Long Term Support

MinIO uses rigorous internal software processes and feedback from our massive global community to identify and remediate security vulnerabilities and production impacting bugs. Every MinIO build is scanned for known CVEs and other potential vulnerabilities before it is released. All releases are stress tested and tested functionally for CPU, memory and drive performance. Commercial customers get customized attention on how to adopt security patches and adapt to the constantly changing security landscape.

Standard clients receive one year of security and bug fixes and technical support, while Enterprises receive this benefit for five years. For enterprises in heavily regulated industries or with extensive MinIO deployments, upgrading to a new version may involve careful planning, and we support this need.

We give you the flexibility to upgrade a version only if you want to. Every release includes detailed release notes and, if you have any questions, you can always reach us through the SUBNET portal and one of our engineers will be able to help with the release. Please see Best Practices for Updates and Restarts to learn more about our recommendations for deploying new releases.

Security and Policy Review

MinIO was designed and built to be secure, and we are here to help you implement it securely. Our engineers will work with you to install the best choice of operating system with the latest security releases.

Our engineers will also help you with firewall configuration and other network security measures. In addition, we monitor licensed MinIO deployments using SUBNET Call-Home Diagnostics to quickly surface any security and policy issues.

MinIO engineers will readily work with you to develop and implement your own security policies. We typically do this prior to the initial production deployment and annually afterwards.

We will help you evaluate and remediate potential security vulnerabilities. Some of the questions we’ll ask during the security review include:

  • Which MinIO components are going to be deployed (MinIO Server, MinIO Operator, Sidekick, KES, etc.)?
  • Which version of each component will be deployed in which configuration (number of nodes, environment, networking, etc.)
  • Are you running TLS between applications and MinIO, and between MinIO components?
  • What is the internal authentication model, the external authentication model, and what are the differences?  In particular for MinIO, which identity provider will be used (internal or external, LDAP or OpenID compliant).
  • Have you defined individual and group access policies using the principle of least privilege access?
  • Are you using service accounts for applications and relying on least privilege access?
  • Is there encryption at rest?
  • Is there an external KMS and MinIO KES to manage certificates?
  • How frequently will/are MinIO components updated?
  • Is Versioning enabled for critical buckets?
  • Are you aware of Object Locking abilities to protect sensitive data?
  • Do you have a solution and process in place to monitor MinIO in order to detect potential security weaknesses and incidents?
  • What procedures do you have in place to audit actions taken by a user, a service account or MinIO itself?
  • Have you designed for high availability and business continuity? MinIO supports Bucket Replication, Batch Replication and Site Replication. We will help you determine and configure the best form of replication to meet your BC/DR requirements.

Holistic Security

Since SUBNET is a critical component of our commercial offerings, we have taken additional steps to secure and certify it. MinIO has implemented an Information Security Management System (ISMS) program consistent with and conforming to the ISO/IEO 27001 standard for Information Security Management.

SUBNET only stores information related to support tickets, customer conversations and user profiles. Health Reports, submitted at will, only contain general statistics on the cluster and no proprietary or identifiable data from the cluster. MinIO personnel do not have access to your data hosted on your MinIO cluster.  

SUBNET Simplifies Security

This blog post provided a guided tour of the security benefits of purchasing a commercial MinIO license, including software patches, security updates, long term support, the Security and Policy Review, and last but not least the security of SUBNET itself. Regardless of what you build on top of MinIO, we’re here to help keep it safe.

If you’d like to learn more about any of the security topics or services discussed in this post, please reach out to us on Slack or hello@min.io.

Previous Post Next Post
S3 Select Security Modern Data Lakes Apache Presto SQL Performance S3 Brand/Design Golang Programming Cloud Computing Microservices Docker AWS Kubernetes Apache Spark Open Source Benchmarks Integrations SUBNET Edge Computing Sidekick Secure-by-Design Splunk Veeam Intel Apache Nifi Immutability Software Defined Storage VMware Apache Arrow Hybrid Cloud Red Hat OpenShift Multicloud Scalability Cloud Field Day Cloud Native Apache Kafka Architect's Guide Awards Operator's Guide Security Advisory AI/ML AGPLv3 Apache Hadoop SFD Azure GCP Observability Analytics R H20 DirectPV DevOps Apache Iceberg Apache Hudi YouTube Summaries EKS Elastic Load Balancers CI/CD Object Storage Compliance opentelemetry BC/DR Storage Newsletter Predictions Best Practices Dremio New MinIO Features partners Small Files Databases DuckDB PostgreSQL Delta Lake Cloud Repatriation Python Object Lambdas Data Pipelines Cloud Operating Model Webhook ClickHouse Vector Database Events Value Engineering Change Data Capture Enterprise Object Store GitOps Case Study Equinix